On Monday 11 August 2008 14:08, Eric Dorland <[EMAIL PROTECTED]> wrote: > > It is possible to ptrace (strace or gdb) the gpg-agent program. > > This means that if an attacker compromises any process running on > > behalf of a user (an MUA or a web browser) then they can ptrace > > gpg-agent and wait for the GPG pass- phrase to be given to them. > > > > If gpg-agent was setgid then ptrace would not be permitted and > > security would be slightly improved. > > I'm not sure doing this so specifically just for gpg-agent is the > right approach. Something like SELinux or capabilities or something > seems more sensible.
Capabilities can't do it (AFAIK). It's ideal if we can provide security benefits for people who don't use SE Linux. > What group would be appropriate to use in any case? You could create a new gpg-agent group. Getting advice from upstream would also be a good idea. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
